Prevent cross site authentication for logged in users on WordPress multisite

I’m working currently on an application that depends partly on the domains to authenticate the users: several users can belong to an account, and the application can check if you’r connected to this account by retrieving the domain that is used for the log in.

WordPress Multisite is very suited for such a purpose. There’s only one thing I found a bit odd: WordPress considers you logged in on any part of the network, even when you’r only member of one of the subsites.

To prevent a cross site log in, I’ve added some code, which runs both on each request and on the authenticate hook. It’s actually very simple: it checks if the logged in user is member of the current blog. If not, you get logged out and redirected.